# What is configuration drift and why should I monitor it?

Configuration drift is the gradual deviation of a system's settings from its established, secure baseline due to manual changes, software updates, or unauthorised modifications. Monitoring for drift is essential because even small changes—such as an accidentally opened port or a disabled security service—can create new vulnerabilities. By using automated tools to detect and alert on these changes, security teams can ensure that systems remain in a known, secure state. Our documentation on [maintaining secure configurations](https://www.agilicus.com/anyx-guide/site-firewall-configuration/) provides further context.

For more information, see [Industrial Cyber Security Best Practices](https://www.agilicus.com/white-papers/industrial-cyber-security-best-practices/).